devise-security 0.12.0 → 0.18.0

data/.circleci/config.yml

@@ -1,41 +0,0 @@
-# Ruby CircleCI 2.0 configuration file
-#
-# Check https://circleci.com/docs/2.0/language-ruby/ for more details
-#
-version: 2
-jobs:
-  build:
-    docker:
-      # specify the version you desire here
-       - image: circleci/ruby:2.4.1-node-browsers
-
-      # Specify service dependencies here if necessary
-      # CircleCI maintains a library of pre-built images
-      # documented at https://circleci.com/docs/2.0/circleci-images/
-      # - image: circleci/postgres:9.4
-
-    working_directory: ~/repo
-
-    steps:
-      - checkout
-
-      # Download and cache dependencies
-      - restore_cache:
-          keys:
-          # fallback to using the latest cache if no exact match is found
-          - v1-dependencies-
-
-      - run:
-          name: install dependencies
-          command: |
-            bundle install --jobs=4 --retry=3 --path vendor/bundle
-
-      - save_cache:
-          paths:
-            - ./vendor/bundle
-          key: v1-dependencies-{{ checksum "Gemfile.lock" }}
-
-      # run tests!
-      - run:
-          name: run tests
-          command: bundle exec rake

data/.document

@@ -1,5 +0,0 @@
-lib/**/*.rb
-bin/*
-- 
-features/**/*.feature
-LICENSE.txt

data/.gitignore

@@ -1,40 +0,0 @@
-test/rails_app/log/*
-test/rails_app/tmp/*
-*~
-coverage/*
-*.sqlite3
-.bundle
-rdoc/*
-pkg
-# Have editor/IDE/OS specific files you need to ignore? Consider using a global gitignore:
-#
-# * Create a file at ~/.gitignore
-# * Include files you want ignored
-# * Run: git config --global core.excludesfile ~/.gitignore
-#
-# After doing this, these files will be ignored in all your git projects,
-# saving you from having to 'pollute' every project you touch with them
-#
-# Not sure what to needs to be ignored for particular editors/OSes? Here's some ideas to get you started. (Remember, remove the leading # of the line)
-#
-# For MacOS:
-#
-#.DS_Store
-#
-# For TextMate
-#*.tmproj
-#tmtags
-#
-# For emacs:
-#*~
-#\#*
-#.\#*
-#
-# For vim:
-#*.swp
-
-log
-test/tmp/*
-*.gem
-Gemfile.lock
-*.lock

data/.rubocop.yml

@@ -1,63 +0,0 @@
-AllCops:
-  TargetRubyVersion: 2.3
-  Include:
-    - '**/Rakefile'
-    - '**/config.ru'
-    - 'lib/tasks/**/*'
-  Exclude:
-    - Gemfile*
-    - 'db/**/*'
-    - 'config/**/*'
-    - 'bin/**/*'
-    - 'vendor/bundle/**/*'
-    - 'spec/support/**/*' # rspec support helpers have a strange api
-
-Rails:
-  Enabled: true
-
-# We don't care about method length, since we check method cyclomatic
-# complexity.
-Metrics/MethodLength:
-  Enabled: false
-
-Metrics/LineLength:
-  Max: 100
-
-Naming/FileName:
-  Exclude: ["devise-security.gemspec"]
-
-Style/ClassAndModuleChildren:
-  EnforcedStyle: compact
-  SupportedStyles:
-    - nested
-    - compact
-
-Style/HashSyntax:
-  EnforcedStyle: ruby19
-
-Style/SymbolArray:
-  EnforcedStyle: brackets
-
-# Trailing commas make for clearer diffs because the last line won't appear
-# to have been changed, as it would if it lacked a comma and had one added.
-Style/TrailingCommaInArrayLiteral:
-  EnforcedStyleForMultiline: comma
-Style/TrailingCommaInHashLiteral:
-  EnforcedStyleForMultiline: comma
-Style/TrailingCommaInArguments:
-  EnforcedStyleForMultiline: comma
-
-# Cop supports --auto-correct.
-# Configuration parameters: PreferredDelimiters.
-Style/PercentLiteralDelimiters:
-  PreferredDelimiters:
-    # Using `[]` for string arrays instead of `()`, since normal arrays are
-    # indicated with `[]` not `()`.
-    '%w': '[]'
-    '%W': '[]'
-
-Style/AndOr:
-  # Whether `and` and `or` are banned only in conditionals (conditionals)
-  # or completely (always).
-  # They read better, more like normal English.
-  Enabled: false

data/.ruby-version

@@ -1 +0,0 @@
-2.2.9

data/.travis.yml

@@ -1,25 +0,0 @@
-language: ruby
-before_install: gem install bundler && bundler -v
-install: bundle install --jobs=3 --retry=3
-before_script: bundle install
-script: bundle exec rake
-rvm:
-  - 2.2.9
-  - 2.3.6
-  - 2.4.3
-  - 2.5.0
-  - ruby-head
-matrix:
-  allow_failures:
-    - rvm: ruby-head
-    - gemfile: gemfiles/rails_5.2_rc1.gemfile
-    - rvm: 2.4.3
-      gemfile: gemfiles/rails_4.1_stable.gemfile
-    - rvm: 2.5.0
-      gemfile: gemfiles/rails_4.1_stable.gemfile
-gemfile:
-  - gemfiles/rails_4.1_stable.gemfile
-  - gemfiles/rails_4.2_stable.gemfile
-  - gemfiles/rails_5.0_stable.gemfile
-  - gemfiles/rails_5.1_stable.gemfile
-  - gemfiles/rails_5.2_rc1.gemfile

data/Appraisals

@@ -1,19 +0,0 @@
-appraise 'rails-4.1-stable' do
-  gem 'rails', '~> 4.1.0'
-end
-
-appraise 'rails-4.2-stable' do
-  gem 'rails', '~> 4.2.0'
-end
-
-appraise 'rails-5.0-stable' do
-  gem 'rails', '~> 5.0.0'
-end
-
-appraise 'rails-5.1-stable' do
-  gem 'rails', '~> 5.1.0'
-end
-
-appraise 'rails-5.2-rc1' do
-  gem 'rails', '~> 5.2.0.rc1'
-end

data/Gemfile

@@ -1,3 +0,0 @@
-source "https://rubygems.org"
-gemspec
-gem 'omniauth'

data/Rakefile

@@ -1,28 +0,0 @@
-# frozen_string_literal: true
-
-$LOAD_PATH.unshift File.join(File.dirname(__FILE__), 'lib')
-require 'rubygems'
-require 'bundler'
-require 'rake/testtask'
-require 'rdoc/task'
-require 'devise-security/version'
-
-desc 'Default: Run DeviseSecurity unit tests'
-task default: :test
-
-Rake::TestTask.new(:test) do |t|
-  t.libs << 'lib'
-  t.libs << 'test'
-  t.test_files = FileList['test/*test*.rb']
-  t.verbose = true
-  t.warning = false
-end
-
-Rake::RDocTask.new do |rdoc|
-  version = DeviseSecurity::VERSION.dup
-
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title = "devise-security #{version}"
-  rdoc.rdoc_files.include('README*')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end

data/devise-security.gemspec

@@ -1,44 +0,0 @@
-# -*- encoding: utf-8 -*-
-# frozen_string_literal: true
-
-$LOAD_PATH.push File.expand_path('../lib', __FILE__)
-require 'devise-security/version'
-
-Gem::Specification.new do |s|
-  s.name        = 'devise-security'
-  s.version     = DeviseSecurity::VERSION.dup
-  s.platform    = Gem::Platform::RUBY
-  s.licenses    = ['MIT']
-  s.summary     = 'Security extension for devise'
-  s.email       = 'natebird@gmail.com'
-  s.homepage    = 'https://github.com/devise-security/devise-security'
-  s.description = 'An enterprise security extension for devise.'
-  s.authors     = [
-    'Marco Scholl', 'Alexander Dreher', 'Nate Bird', 'Dillon Welch'
-  ]
-
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- test/*`.split("\n")
-  s.require_paths = ['lib']
-  s.required_ruby_version = '>= 2.2.9'
-
-  if RUBY_VERSION >= '2.4'
-    s.add_runtime_dependency 'rails', '>= 4.1.0', '< 6.0'
-  else
-    s.add_runtime_dependency 'railties', '>= 4.1.0', '< 6.0'
-  end
-  s.add_runtime_dependency 'devise', '>= 4.2.0', '< 5.0'
-
-  s.add_development_dependency 'appraisal'
-  s.add_development_dependency 'bundler', '>= 1.3.0', '< 2.0'
-  s.add_development_dependency 'coveralls', '~> 0.8'
-  s.add_development_dependency 'easy_captcha', '~> 0'
-  s.add_development_dependency 'm'
-  s.add_development_dependency 'minitest', '5.10.3' # see https://github.com/seattlerb/minitest/issues/730
-  s.add_development_dependency 'pry-byebug'
-  s.add_development_dependency 'pry-rescue'
-  s.add_development_dependency 'pry'
-  s.add_development_dependency 'rails_email_validator', '~> 0'
-  s.add_development_dependency 'rubocop', '~> 0'
-  s.add_development_dependency 'sqlite3', '~> 1.3', '>= 1.3.10'
-end

data/gemfiles/rails_4.1_stable.gemfile

@@ -1,8 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "omniauth"
-gem "rails", "~> 4.1.0"
-
-gemspec path: "../"

data/gemfiles/rails_4.2_stable.gemfile

@@ -1,8 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "omniauth"
-gem "rails", "~> 4.2.0"
-
-gemspec path: "../"

data/gemfiles/rails_5.0_stable.gemfile

@@ -1,8 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "omniauth"
-gem "rails", "~> 5.0.0"
-
-gemspec path: "../"

data/gemfiles/rails_5.1_stable.gemfile

@@ -1,8 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "omniauth"
-gem "rails", "~> 5.1.0"
-
-gemspec path: "../"

data/gemfiles/rails_5.2_rc1.gemfile

@@ -1,8 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "omniauth"
-gem "rails", "~> 5.2.0.rc1"
-
-gemspec path: "../"

data/lib/devise-security/models/old_password.rb

@@ -1,4 +0,0 @@
-require 'active_record'
-class OldPassword < ActiveRecord::Base
-  belongs_to :password_archivable, polymorphic: true
-end

data/lib/devise-security/orm/active_record.rb

@@ -1,18 +0,0 @@
-module DeviseSecurity
-  module Orm
-    # This module contains some helpers and handle schema (migrations):
-    #
-    #   create_table :accounts do |t|
-    #     t.password_expirable
-    #   end
-    #
-    module ActiveRecord
-      module Schema
-        include DeviseSecurity::Schema
-      end
-    end
-  end
-end
-
-ActiveRecord::ConnectionAdapters::Table.send :include, DeviseSecurity::Orm::ActiveRecord::Schema
-ActiveRecord::ConnectionAdapters::TableDefinition.send :include, DeviseSecurity::Orm::ActiveRecord::Schema

data/lib/devise-security/patches/confirmations_controller_captcha.rb

@@ -1,21 +0,0 @@
-module DeviseSecurity::Patches
-  module ConfirmationsControllerCaptcha
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do
-        if valid_captcha_if_defined?(params[:captcha])
-          self.resource = resource_class.send_confirmation_instructions(params[resource_name])
-
-          if successfully_sent?(resource)
-            respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
-          else
-            respond_with(resource)
-          end
-        else
-          flash[:alert] = t('devise.invalid_captcha') if is_navigational_format?
-          respond_with({}, location: new_confirmation_path(resource_name))
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/patches/confirmations_controller_security_question.rb

@@ -1,24 +0,0 @@
-module DeviseSecurity::Patches
-  module ConfirmationsControllerSecurityQuestion
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do
-        # only find via email, not login
-        resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
-
-        if valid_captcha_or_security_question?(resource, params)
-          self.resource = resource_class.send_confirmation_instructions(params[resource_name])
-
-          if successfully_sent?(resource)
-            respond_with({}, location: after_resending_confirmation_instructions_path_for(resource_name))
-          else
-            respond_with(resource)
-          end
-        else
-          flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
-          respond_with({}, location: new_confirmation_path(resource_name))
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/patches/passwords_controller_captcha.rb

@@ -1,20 +0,0 @@
-module DeviseSecurity::Patches
-  module PasswordsControllerCaptcha
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do
-        if valid_captcha_if_defined?(params[:captcha])
-          self.resource = resource_class.send_reset_password_instructions(params[resource_name])
-          if successfully_sent?(resource)
-            respond_with({}, location: new_session_path(resource_name))
-          else
-            respond_with(resource)
-          end
-        else
-          flash[:alert] = t('devise.invalid_captcha') if is_navigational_format?
-          respond_with({}, location: new_password_path(resource_name))
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/patches/passwords_controller_security_question.rb

@@ -1,23 +0,0 @@
-module DeviseSecurity::Patches
-  module PasswordsControllerSecurityQuestion
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do
-        # only find via email, not login
-        resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
-
-        if valid_captcha_or_security_question?(resource, params)
-          self.resource = resource_class.send_reset_password_instructions(params[resource_name])
-          if successfully_sent?(resource)
-            respond_with({}, location: new_session_path(resource_name))
-          else
-            respond_with(resource)
-          end
-        else
-          flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
-          respond_with({}, location: new_password_path(resource_name))
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/patches/registrations_controller_captcha.rb

@@ -1,33 +0,0 @@
-module DeviseSecurity::Patches
-  module RegistrationsControllerCaptcha
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do |&block|
-        build_resource(sign_up_params)
-
-        if valid_captcha_if_defined?(params[:captcha])
-          if resource.save
-            block.call(resource) if block
-            if resource.active_for_authentication?
-              set_flash_message :notice, :signed_up if is_flashing_format?
-              sign_up(resource_name, resource)
-              respond_with resource, location: after_sign_up_path_for(resource)
-            else
-              set_flash_message :notice, :"signed_up_but_#{resource.inactive_message}" if is_flashing_format?
-              expire_data_after_sign_in!
-              respond_with resource, location: after_inactive_sign_up_path_for(resource)
-            end
-          else
-            clean_up_passwords resource
-            respond_with resource
-          end
-
-        else
-          resource.errors.add :base, t('devise.invalid_captcha')
-          clean_up_passwords resource
-          respond_with resource
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/patches/sessions_controller_captcha.rb

@@ -1,24 +0,0 @@
-module DeviseSecurity::Patches
-  module SessionsControllerCaptcha
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do |&block|
-        if valid_captcha_if_defined?(params[:captcha])
-          self.resource = warden.authenticate!(auth_options)
-          set_flash_message(:notice, :signed_in) if is_flashing_format?
-          sign_in(resource_name, resource)
-          block.call(resource) if block
-          respond_with resource, location: after_sign_in_path_for(resource)
-        else
-          flash[:alert] = t('devise.invalid_captcha') if is_flashing_format?
-          respond_with({}, location: new_session_path(resource_name))
-        end
-      end
-
-      # for bad protected use in controller
-      define_method :auth_options do
-        { scope: resource_name, recall: "#{controller_path}#new" }
-      end
-    end
-  end
-end

data/lib/devise-security/patches/unlocks_controller_captcha.rb

@@ -1,20 +0,0 @@
-module DeviseSecurity::Patches
-  module UnlocksControllerCaptcha
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do
-        if valid_captcha_if_defined?(params[:captcha])
-          self.resource = resource_class.send_unlock_instructions(params[resource_name])
-          if successfully_sent?(resource)
-            respond_with({}, location: new_session_path(resource_name))
-          else
-            respond_with(resource)
-          end
-        else
-          flash[:alert] = t('devise.invalid_captcha') if is_navigational_format?
-          respond_with({}, location: new_unlock_path(resource_name))
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/patches/unlocks_controller_security_question.rb

@@ -1,23 +0,0 @@
-module DeviseSecurity::Patches
-  module UnlocksControllerSecurityQuestion
-    extend ActiveSupport::Concern
-    included do
-      define_method :create do
-        # only find via email, not login
-        resource = resource_class.find_or_initialize_with_error_by(:email, params[resource_name][:email], :not_found)
-
-        if valid_captcha_or_security_question?(resource, params)
-          self.resource = resource_class.send_unlock_instructions(params[resource_name])
-          if successfully_sent?(resource)
-            respond_with({}, location: new_session_path(resource_name))
-          else
-            respond_with(resource)
-          end
-        else
-          flash[:alert] = t('devise.invalid_security_question') if is_navigational_format?
-          respond_with({}, location: new_unlock_path(resource_name))
-        end
-      end
-    end
-  end
-end

data/lib/devise-security/schema.rb

@@ -1,64 +0,0 @@
-module DeviseSecurity
-  # add schema helper for migrations
-  module Schema
-    # Add password_changed_at columns in the resource's database table.
-    #
-    # Examples
-    #
-    # # For a new resource migration:
-    # create_table :the_resources do |t|
-    #   t.password_expirable
-    # ...
-    # end
-    #
-    # # or if the resource's table already exists, define a migration and put this in:
-    # change_table :the_resources do |t|
-    #   t.datetime :password_changed_at
-    # end
-    #
-    def password_expirable
-      apply_devise_schema :password_changed_at, DateTime
-    end
-
-    # Add password_archivable columns
-    #
-    # Examples
-    #
-    # create_table :old_passwords do
-    #   t.password_archivable
-    # end
-    # add_index :old_passwords, [:password_archivable_type, :password_archivable_id], name: :index_password_archivable
-    #
-    def password_archivable
-      apply_devise_schema :encrypted_password, String, limit: 128, null: false
-      apply_devise_schema :password_salt, String
-      apply_devise_schema :password_archivable_id, Integer, null: false
-      apply_devise_schema :password_archivable_type, String, null: false
-      apply_devise_schema :created_at, DateTime
-    end
-
-    # Add session_limitable columns in the resource's database table.
-    #
-    # Examples
-    #
-    # # For a new resource migration:
-    # create_table :the_resources do |t|
-    #   t.session_limitable
-    # ...
-    # end
-    #
-    # # or if the resource's table already exists, define a migration and put this in:
-    # change_table :the_resources do |t|
-    #   t.string :unique_session_id, limit: 20
-    # end
-    #
-    def session_limitable
-      apply_devise_schema :unique_session_id, String, limit: 20
-    end
-
-    def expirable
-      apply_devise_schema :expired_at, DateTime
-      apply_devise_schema :last_activity_at, DateTime
-    end
-  end
-end

data/lib/generators/templates/devise-security.rb

@@ -1,38 +0,0 @@
-Devise.setup do |config|
-  # ==> Security Extension
-  # Configure security extension for devise
-
-  # Should the password expire (e.g 3.months)
-  # config.expire_password_after = false
-
-  # Need 1 char of A-Z, a-z and 0-9
-  # config.password_regex = /(?=.*\d)(?=.*[a-z])(?=.*[A-Z])/
-
-  # How many passwords to keep in archive
-  # config.password_archiving_count = 5
-
-  # Deny old password (true, false, count)
-  # config.deny_old_passwords = true
-
-  # enable email validation for :secure_validatable. (true, false, validation_options)
-  # dependency: need an email validator like rails_email_validator
-  # config.email_validation = true
-
-  # captcha integration for recover form
-  # config.captcha_for_recover = true
-
-  # captcha integration for sign up form
-  # config.captcha_for_sign_up = true
-
-  # captcha integration for sign in form
-  # config.captcha_for_sign_in = true
-
-  # captcha integration for unlock form
-  # config.captcha_for_unlock = true
-
-  # captcha integration for confirmation form
-  # config.captcha_for_confirmation = true
-
-  # Time period for account expiry from last_activity_at
-  # config.expire_after = 90.days
-end

data/test/dummy/app/models/secure_user.rb

@@ -1,3 +0,0 @@
-class SecureUser < ActiveRecord::Base
-  devise :database_authenticatable, :secure_validatable, email_validation: false
-end